Working in IT for the U.S. DoD

Working in IT for the U.S. DoD

Step into the world of U.S. DoD IT roles. Equip yourself with the knowledge of pivotal DoD Directives and achieve the certifications that set you apart.

DoD Directives 8570, 8570.01-M, and 8140

If you’re interested in working in any technology-related role for the U.S. Department of Defense, you are required per Directive 8140 (which replaced Directive 8570) to obtain and maintain industry certification credentials that have been accredited by the American National Standards Institute (ANSI). This is true for everyone (both civilians and those still serving in the military) who will have privileged access to DoD’s Information Systems.

CCS Learning Academy offers qualified certificate courses from accreditors like CompTIA, (ISC)2, and more! Veterans can work with us to get the credentials they need to be hired for DoD cybersecurity jobs. We can also help individuals obtain the continuing education credits necessary to maintain their existing certifications.


73 %

of workers say that the top benefit of certification is credibility.

57 %

of workers say a certification will help them advance in their current job.

56 %

of workers say a certification will improve their chances for a new position.

In recent CompTIA research, the large majority of IT and business executives involved in security indicated that IT staff certification has made a difference.

CCS Learning Academy

CCS Learning Academy Logo

Trusted experts in the technology sector since 1997

IT & business training for professionals at all levels

A network of trainers and clients spanning the entire U.S.

Certifications Approved for DoD Directive 8140/8570.01-M

DoD Directive 8140 is a replacement on and expansion of Directive 8570, which was first released in 2005 to help the DoD manage and audit its cybersecurity personnel. Since then, both the world and technology have changed – a lot! DoD 8140 is the result of several important decisions made to better reflect today’s tech landscape and job market.

Among other updates to DoD 8570, DoD 8140 covers the following:

  • Updates and expansions on DoD policies, processes, and responsibilities around managing its cybersecurity workforce.
  • The establishment of a DoD cyberspace workforce management council.
  • Unification and alignment of technology work roles with regard to baseline qualifications and training requirements.

DoD technology jobs are an excellent fit for many Veterans, as their experiences and clearances translate into distinct advantages in this environment. CCS Learning Academy can help you understand what career pathways are available, what certifications you will need along the way, and how to launch a successful IT career at the U.S. DoD.


Download this guide to see the complete roadmap to success for aspiring DoD technology professionals per Directive 8140/8570.01-M.

More CompTIA Certifications Now Approved for Directive 8140/8570.01-M!

CompTIA is proud to be the leading choice in certifications for DoD personnel and contractors, helping hundreds of thousands of servicemen, servicewomen, and DoD civilians to meet their Directive 8140/8570 requirements. CompTIA certifications also serve as the building blocks for more advanced certifications; for example, CompTIA Network+ and Security+ are accepted as prerequisites to the Microsoft Software & Systems Academy training course.


CompTIA A+

This credential validates the foundational knowledge for IT Technical Support. It’s recognized as the standard for foundation-level IT knowledge and skills, including installing, configuring, diagnosing and preventive maintenance of hardware and software components, as well as networks and soft skills.


CompTIA Network+

This credential validates the knowledge of networking professionals with at least 9-12 months of experience in network support or administration or adequate academic training. Many corporations recommend or require this certification for their IT employees; it is one of CompTIA’s core certifications.


CompTIA Security+

This credenttial validates mastery of security knowledge for an individual with two years of on-the-job networking experience, with emphasis on security. The exam covers threats, attacks, and vulnerabilities; technologies and tools; architecture and design; identity and access management; risk management; and cryptography and PKI.


CompTIA Cloud+

Approved for three 8140/8570 job roles, this certification validates the expertise needed to maintain and optimize cloud infrastructure services. IT professionals with a Cloud+ certification can better realize the return on investment of cloud infrastructure services. Cloud+ reflects the breadth of skills needed for data center job roles.



Approved for five 8140/8570 job roles, this is designed for IT security analysts as well as vulnerability and threat intelligence analysts. The successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization.



This certification is designed to meet the growing demand for advanced IT security in the enterprise. It tests critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments. The exam covers enterprise security, risk management and incident response, research and analysis, integration of computing, and communications and business disciplines as well as technical integration of enterprise components.

Why choose CCS Learning Academy?

CCS Learning Academy is one of the industry’s top CompTIA training partners, and we have a team dedicated to working exclusively with transitioning and experienced Veterans. We are honored to assist U.S. service members in transitioning from active duty to high-paying careers in the civilian IT workforce.

Your future is waiting.

Start the next phase of your career today!

Certifications Approved for DoD Directive 8570.01

While DoD Directive 8140 was issued to update and replace DoD 8570, the older Directive 8570 (technically, 8570.01) is still around. It may take a long time to issue a comprehensive manual covering the 8140 security requirements, which is why DoD 8140 still refers to the DoD 8570 manual (“DoD 8570.01-M”).

Like its successor, DoD 8570 requires all users of DoD information systems to meet certain compliance requirements. These requirements include holding certifications accredited by the American National Standards Institute (ANSI). Per the Directive, there are three levels of certification for Information Assurance Technicians (IAT) and Information Assurance Management (IAM) professionals. Anyone wishing to hold these kinds of positions at the U.S. DoD must obtain at least one of the certifications required for the relevant job level.


Download this guide to see the full list of approved baseline certifications per DoD Directive 8570.01.

DoD 8140, 8570.01-M, and 8570-Approved Courses from CCS Learning Academy

CISM: Certified Information Security Manager

38 Lessons
What you'll learn
Our CISM certification training and CISM online course provide in-depth coverage of the four domains required to pass the CISM exam.
Domain 1: Information Security Governance
Domain 2: Information Risk Management and Compliance
Domain 3: Information Security Program Development and Management
Domain 4: Information Security Incident Management

CISA: Certified Information Systems Auditor

10 Lessons
What you'll learn
Learn the specific requirements for passing the CISA Exam and attaining your CISA certification
Review key concepts, tasks, and knowledge related to the duties of an IS auditor, which serve as the foundation of the CISA Exam
Learn successful methods of evaluating CISA Exam questions and answers, including analysis and explanations of what the CISA does
Review useful, proven information on study and exam time management

CRISC: Certified Risk and Information Systems Control

27 Lessons
What you'll learn
By the end of either the CRISC certification training or CRISC online training course, you will master the four CRISC domains.
Domain 1: IT Risk Identification
Domain 2: IT Risk Assessment
Domain 3: Risk Response and Mitigation
Domain 4: Risk Control, Monitoring, and Reporting

CGEIT: Certified in the Governance of Enterprise IT

What you'll learn
Follow the format and structure of the CGEIT Certification Exam
Identify the various topics and technical areas covered by the exam
Enable students to implement strategies, tips, and techniques for taking and passing the exam
Apply key learning to practice questions

CompTIA PenTest+


CompTIA PenTest+

What you'll learn
Plan and scope penetration tests.
Conduct passive reconnaissance.
Perform non-technical tests to gather information.
Conduct active reconnaissance.
Analyze vulnerabilities.
Penetrate networks.
Exploit host-based vulnerabilities.
Test applications.
Complete post-exploit tasks.
Analyze and report pen test results.

CGRC – Certified in Governance, Risk and Compliance

91 Lessons
72 hours
All Levels
What you'll learn
Information Security Risk Management Program.
Scope of the Information System.
Selection and Approval of Security and Privacy Controls.
Implementation of Security and Privacy Controls.
Assessment/Audit of Security and Privacy Controls.
Authorization/Approval of Information System.
Perform Continuous Monitoring.

CISSP Exam Preparation Course


CISSP Exam Preparation Course

328 Lessons
120 hours
What you'll learn
In-depth coverage of the eight domains required to pass the CISSP exam
Domain 1: Security and Risk Management
Domain 2: Asset Security
Domain 3: Security Engineering
Domain 4: Communications and Network Security
Domain 5: Identity and Access Management
Domain 6: Security Assessment and Testing
Domain 7: Security Operations
Domain 8: Software Development Security

CCSP – Certified Cloud Security Professional

120 hours
What you'll learn
The CCSP certification training is designed to help you pass the CCSP exam on the first try.
This course focuses on of the six domains required to pass the CCSP exam
Domain 1: Architectural concepts and design requirements
Domain 2: Cloud data security
Domain 3: Cloud platform and infrastructure security
Domain 4: Cloud application security
Domain 5: Operations
Domain 6: Legal and compliance

SSCP – Systems Security Certified Practitioner

120 hours
What you'll learn
In-depth coverage of the seven domains required to pass the SSCP exam.
Domain 1: Access Control
Domain 2: Security Operations and Administration
Domain 3: Risk Identification, Monitoring, and Analysis
Domain 4: Incident Response and Recovery
Domain 5: Cryptography
Domain 6: Networks and Communications Security
Domain 7: Systems and Application Security

CSSLP – Certified Secure Software Lifecycle Professional

120 hours
All Levels
What you'll learn
The course on CSSLP teaches how to secure your applications. After having CSSLP certification from (ISC) ², your application security capability within the software development lifecycle will be authorized. In-depth coverage of the eight domains required to pass the CSSLP exam.
Domain 1: Secure Software Concepts
Domain 2: Security Software Requirements
Domain 3: Secure Software Design
Domain 4: Secure Software Implementation/Coding
Domain 5: Secure Software Testing
Domain 6: Software Acceptance
Domain 7: Software Deployment, Operation, Maintenance and Disposal
Domain 8: Supply Chain and Software Acquisition

Certified Ethical Hacker | CEH


Certified Ethical Hacker | CEH

120 hours
What you'll learn
Information security controls, laws, and standards.
Foot printing, foot printing tools, and countermeasures.
Network scanning techniques and scanning countermeasures.
Enumeration techniques and enumeration countermeasures.
Vulnerability analysis to identify security loopholes in the target organization’s network, communication infrastructure, and end systems.
System hacking methodology, steganography, stag analysis attacks, and covering tracks to discover system and network vulnerabilities.
Different types of malware (Trojan, Virus, worms, etc.), system auditing for malware attacks, malware analysis, and countermeasures.
Packet sniffing techniques to discover network vulnerabilities and countermeasures to defend against sniffing.
Social engineering techniques and how to identify theft attacks to audit human-level vulnerabilities and social engineering countermeasures.
DoS/DDoS attack techniques and tools to audit a target and DoS/DDoS countermeasures.
Session hijacking techniques to discover network-level session management, authentication/authorization, and cryptographic weaknesses and countermeasures.
Web Server attacks and a comprehensive attack methodology to audit vulnerabilities in web server infrastructure, and countermeasures.
Web application attacks, comprehensive web application hacking methodology to audit vulnerabilities in web applications, and countermeasures.
SQL injection attack techniques, injection detection tools to detect SQL injection attempts, and countermeasures.
Wireless encryption, wireless hacking methodology, wireless hacking tools, and Wi-Fi security tools.
Mobile platform attack vector, android vulnerability exploitations, and mobile security guidelines and tools.
Firewall, IDS and honeypot evasion techniques, evasion tools and techniques to audit a network perimeter for weaknesses, and countermeasures.
Cloud computing concepts (Container technology, serverless computing), the working of various threats and attacks, and security techniques and tools.
Penetration testing, security audit, vulnerability assessment, and penetration testing roadmap.
Threats to IoT and OT platforms and defending IoT and OT devices.
Cryptography ciphers, Public Key Infrastructure (PKI), cryptography attacks, and cryptanalysis tools.

Computer Hacking Forensic Investigator | CHFI

16 Lessons
120 hours
What you'll learn
Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
Perform anti-forensic methods detection
Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
Extract and analyze of logs from various devices like proxy, firewall, IPS, IDS, Desktop, laptop, servers, SIM tool, router, firewall, switches AD server, DHCP logs, Access Control Logs & conclude as part of investigation process.
Identify & check the possible source / incident origin.
Recover deleted files and partitions in Windows, Mac OS X, and Linux
Conduct reverse engineering for known and suspected malware files
Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
The computer forensic investigation process and the various legal issues involved
Evidence searching, seizing, and acquisition methodologies in a legal and forensically sound manner
Types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category
Roles of the first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, and reporting the crime scene
Setting up a computer forensics lab and the tools involved in it
Various file systems and how to boot a disk
Gathering volatile and non-volatile information from Windows
Data acquisition and duplication rules
Validation methods and tools required
Recovering deleted files and deleted partitions in Windows, Mac OS X, and Linux
Forensic investigation using AccessData FTK and EnCase
Steganography and its techniques
Steganalysis and image file forensics
Password cracking concepts, tools, and types of password attacks
Investigating password protected files
Types of log capturing, log management, time synchronization, and log capturing tools
Investigating logs, network traffic, wireless attacks, and web attacks
Tracking emails and investigating email crimes
Mobile forensics and mobile forensics software and hardware tools
Writing investigative reports
Dark Web Forensics and IOT Forensics

CompTIA Cybersecurity Analyst (CySA+)

120 hours
What you'll learn
Assess information security risk in computing and network environments.
Analyze reconnaissance threats to computing and network environments.
Analyze attacks on computing and network environments.
Analyze post-attack techniques on computing and network environments.
Implement a vulnerability management program.
Collect cybersecurity intelligence.
Analyze data collected from security and event logs.
Perform active analysis on assets and networks.
Respond to cybersecurity incidents.
Investigate cybersecurity incidents.
Address security issues with the organization’s technology architecture.

CompTIA Security+


CompTIA Security+

91 Lessons
120 hours
What you'll learn
In this online CompTIA Security+ (SY0-601) Certification training course, you learn to:
Proactively implement sound security protocols to mitigate security risks
Quickly respond to security issues
Retroactively identify where security breaches may have occurred
Design a network, on-site or in the cloud, with security in mind

CCAS Check Point Certified Automation Specialist

13 Lessons
What you'll learn
Explain how automation and orchestration work together
Understand the key drivers for incorporating automation and orchestration into security management
Execute a shell script that demonstrates how to build a comprehensive Security Policy.
Recognize how the Check Point API framework integrates with R80 Security Management to support automation and orchestration of daily tasks
Describe Check Point API tools and demonstrate how they are used to manage Check Point Security Management solutions
Demonstrate how to define new objects and modify existing ones by using the Check Point API
Demonstrate how to create API commands to efficiently maintain the Check Point Security Management Server database
Demonstrate how to use different methods to update the database with API commands
Become familiar with client-side and server-side scripting and scripting languages
Understand how to use the Bash shell to develop APIs
Recognize and describe many of the open source tools that are available to assist with API development
Demonstrate how to use a custom REST application to update the database of a Security Management Server
Demonstrate how to use Postman to manage the Security Policy database through the Check Point API
Understand what steps to take to troubleshoot and debug API scripts
Demonstrate basic troubleshooting techniques by reviewing debugging messages in various forms
Understand how to use self-service portal capabilities to provide general IT services
Recognize how automation tools work with Check Point APIs to automate security management tasks and orchestrate workflow behind service portals
Demonstrate common tasks that are automated in a Web portal to manage the Security Policy

To say CCS helped me jumpstart my career is an understatement. CCS helps fresh graduates start their professional journey. They provide comprehensive training both technically and professionally that not only prepares you for a full-time job but also helps make you successful in other aspects of your life.

– Santosh Gadila
Senior IT Analyst
U.S. Department of Veteran Affairs

Get Certified for IT Jobs at the U.S. DoD

Call us at (858) 208-4141 or fill out the form below to get in touch with CCS Learning Academy’s Veteran team.
Upload Your Resume
(if applicable)

File(s) size limit is 20MB.

🎉Holiday Season Special! Get 20% OFF On LIVE Courses + FREE 12-month E-learning subscription worth $1595!
This is default text for notification bar